So apparently the 'D_FORTIFY_SOURCE=2' is in CPPFLAGS (not read by cmake) but not in CXXFLAGS (read by cmake)[1].
So maybe I should define?

    CXXFLAGS=$(CXXFLAGS) $(CPPFLAGS)

This is the current state of mysqld, should I be happy with this or is it relevant that all functions are protected?

    hardening-check --verbose --color mysqld
    mysqld:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
            unprotected: strcpy
            unprotected: strcat
            unprotected: recv
            unprotected: snprintf
            unprotected: getcwd
            unprotected: readlink
            unprotected: memset
            unprotected: poll
            unprotected: fread
            unprotected: fgets
            unprotected: strncpy
            unprotected: sprintf
            unprotected: stpcpy
            unprotected: strncat
            unprotected: memcpy
            unprotected: read
            unprotected: confstr
            unprotected: pread64
            unprotected: memmove
            unprotected: gethostname
            protected: strcpy
            protected: snprintf
            protected: vfprintf
            protected: memset
            protected: poll
            protected: vasprintf
            protected: fread
            protected: strncpy
            protected: sprintf
            protected: vsprintf
            protected: memcpy
            protected: fdelt
            protected: realpath
            protected: pread64
            protected: vsnprintf
            protected: fprintf
            protected: memmove
            protected: printf
     Read-only relocations: yes
     Immediate binding: yes

[1] https://cmake.org/Bug/view.php?id=12928
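
Why the same function (memcpy, strcpy, ...) can show up as both protected and unprotected in the output above, as an added example that is not part of the original message or of MySQL's code: with _FORTIFY_SOURCE the checked variant is chosen per call site, and only where the compiler can see the destination's size. The names copy_dispatch, COPY, sample and the site_* functions are hypothetical, and a GCC- or Clang-compatible compiler is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum path { PATH_CHECKED, PATH_UNCHECKED, PATH_BLOCKED };
static const char sample[32] = "constructed sample input";

/* Hypothetical stand-in for a _chk function such as __memcpy_chk; dst_size is
   what the compiler knew about the destination buffer at the call site. */
static __attribute__((noinline)) enum path
copy_dispatch(void *dst, const void *src, size_t n, size_t dst_size)
{
    if (dst_size != (size_t)-1 && n > dst_size)
        return PATH_BLOCKED;        /* the real _chk functions abort here */
    memcpy(dst, src, n);
    /* an unknown size is what leaves a plain, unchecked call in the binary */
    return dst_size == (size_t)-1 ? PATH_UNCHECKED : PATH_CHECKED;
}

/* Object size is evaluated at each call site, as glibc's fortify headers do. */
#define COPY(dst, src, n) \
    copy_dispatch((dst), (src), (n), __builtin_object_size((dst), 0))

enum path site_known_size(void)      /* destination is a visible array */
{
    char buf[16];
    return COPY(buf, sample, 6);
}

enum path site_known_overflow(void)  /* 32 bytes into a 16-byte array */
{
    char buf[16];
    return COPY(buf, sample, sizeof sample);
}

/* Only a pointer arrives here, so the object size is not visible. */
static __attribute__((noinline)) enum path site_unknown_size(char *dst)
{
    return COPY(dst, sample, 6);
}

enum path demo_unknown(void)
{
    char buf[16];
    enum path (*volatile fn)(char *) = site_unknown_size; /* defeat inlining */
    return fn(buf);
}

int main(void)
{
    printf("%d %d %d\n", site_known_size(), site_known_overflow(), demo_unknown());
    return 0;
}
```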